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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 1 5 September 2005 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) IEI Claim(s) 1^5 is/are pending in the application. 

4a) Of the above claim(s) 6-10 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1,2 and 5 is/are rejected. 

7) IEI Claim(s) 3^4 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) (EI The drawing(s) filed on 2/22/02 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 
2.D Certified copies of the priority documents have been received in Application No. 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Claims 1-5 have been considered. 



Election/Restrictions 

5 Claims 6-10 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being 

drawn to a nonelected group, there being no allowable generic or linking claim. Election was made 
without traverse in the reply filed on 9/15/05. 



Allowable Subject Matter 

10 Claim 3 is objected to as being dependent upon a rejected base claim, but would be allowable if 

rewritten in independent form including all of the limitations of the base claim and any intervening claims. 



Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if 
rewritten in independent form including all of the limitations of the base claim and any intervening claims. 

15 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
20 forth in section 102 of this title, if the differences between the subject matter sought to be patented and 

the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

25 

Claims 1,2, and 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over Guan, U.S. 
Patent Application Publication No. 2001/0027472, in view of Schneier (Schneier, Bruce. Applied 
Cryptography. 1996. Washington DC. Pages 4-5,31-33), in further view of Black, U.S. Patent 
Application No. 2002/0081005. 



30 
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As per claim 1, the applicant describes a method for providing secure access to information held 
in a shared repository, comprising the following limitations which are met by Guan in view of Schneier in 
further view of Black: 

a) storing, on a data server, information provided by a data owner (Guan: [0030] to [0040]); 
5 b) providing, to the data owner, a data owner public key and a data owner private key, the data 

owner public key and the data owner private key being a first key pair of a public-key cryptography 
system (Schneier: pages 4-5 and pages 31-33); 

c) providing the data owner public key to the data server (Schneier: pages 4-5 and pages 31-33); 

d) providing, to a data user, a data user public key and a data user private key, the data user 
10 public key and the data user private key being a second key pair of the public-key cryptography system 

(Schneier: pages 4-5; pages 31-33); 

e) providing the data user public key to the data server (Guan: [0030]-[0040]); 

f) sending the data user public key from the data user to the data owner (Guan: [0030]-[0040]); 

g) encrypting the data user public key by the data owner, using the data owner private key, to 
15 provide an encrypted data user public key (Guan: [0030]-[0040]; Schneier: pages 4-5, 31-33); 

h) sending, by the data owner to the data server, the encrypted data user public key and a 
command that gives the data server permission to transfer the information to the data user (Guan: [0030]- 
[0040]; Schneier: pages 4-5, 31-33); 

i) decrypting the encrypted data user public key, using the data owner public key, to provide a 
20 check word (Guan: [0030]-[0040]); 

j) comparing the check word and the data user public key (Guan: [0030]-[0040]); 

k) if the step of comparing the check word and the data user public key indicates that the check 
word and the data user public key match, recording permission to transfer the information in an access 
list (Black: [0055]); 

25 Guan discloses a method for providing secure access to information held in a shared repository in 

which information provided by a data owner is stored on a data server. The information may include 
electronic business cards [0030]. Further, Guan discloses that public id (info-id) is sent from a data user 
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to a data owner. The public id is sent from a data owner to a data server. The public id is stored on a 
data server in an access list. If a public id provided by a data user matches the public id stored on the 
data server, information is transferred to the data user. 

While Guan discloses a system which is similar to the applicant's claimed invention, Guan does 
5 not specifically disclose that the data user and data owner are provided with a key pair of a public-key 
cryptography system. Schneier discloses the idea of public key cryptography in which users are provided 
with a key pair of a public-key cryptography system used for implementing asymmetric cryptographic 
communication. Schneier also discloses that a public key is a public id of a user. Combining the ideas of 
Schneier into the system allows the public id to take the form of a public key. It would have been obvious 

10 to one of ordinary skill in the art at the time the invention was filed to combine the ideas of Schneier with 
those of Guan and use a public key as the public id because allowing the use of a user's public key as a 
public id provides a convenient means for the utilization of a public id since it precludes the unnecessary 
generation of a new public id by allowing for the use of the known public key. 

Guan in view of Schneier is also deficient in that it does not disclose all the limitations of part k. 

15 In Guan in view of Schneier, if the step of comparing the check word and the data user public key 

indicates that the check word and data user public key match, access to the data is allowed for the data 
user as prescribed by the access list [0040]. However, there is no mention of recording permission to 
transfer the information in an access list. Black discloses the idea of recording permission to transfer the 
information in an access list. Combining the ideas of Black with those of Guan in view of Schneier allows 

20 permission to transfer the information to be recorded in an access list. It would have been obvious to one 
of ordinary skill in the art at the time the invention was filed to combine the ideas of Black with those of 
Guan in view of Schneier because doing so makes the system more robust by keeping a more detailed 
access record by monitoring and recording particular accesses to information, 

25 As per claim 2, the applicant describes the method of claim 1, which is met by Guan in view of 

Schneier in further view of Black, with the following limitation which is met by Guan and Schneier: 
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a) receiving, by the data server, a request by the data user to transfer information to the data user 
(Guan: [0030]-[0040]); 

b) responsive to receiving the request, checking the access list to determine whether the data 
server has permission to transfer the information (Guan: [0030]-[0040]); 

5 c) if the data server has permission, encrypting the information using the data user public key to 

provide encrypted information (Schneier: pages 4-5 and 31-33); 

d) transferring the encrypted information to the data user (Schneier: pages 4-5 and 31-33; Guan: 
[0030]-[0040]). 



10 As per claim 5, the applicant describes the method of claim 1, which is met by Guan in view of 

Schneier in further view of Black, with the following limitation which is met by Guan: 

Wherein the information includes an electronic business card (Guan: [0030]). 



Conclusion 

15 This action is made non-final. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
20 Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
25 Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 
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